by supertroop 21 days ago
It is so easy to use signature verification and even encrypted XIP with MCUboot it just blows my mind that companies don’t.

Also the level of reverse engineering here is kinda bananas. I almost don’t believe he was able to find the transfer functions for the DSP bias equations w/o some source guidance. I mean that’s just bad ass if he did it without help.


I followed the code path when you change the cabinet type, and saw it write some values to the DSP based on a 2D array of doubles, one for each cabinet, each with 41 values, and it was processing them 5 at a time. Looking at the values, they were all in the range -2 to 2, and were very reminiscent of biquad filters I had learned about in another project (https://mforney.org/blog/2025-06-06-babyface-midi-protocol.h...) which was still pretty fresh in my mind.

I tried plotting them, and I got something that looked right when I inverted the denominator coefficients. I guess this is fairly standard practice because then the difference equation is all positive sums and it can be implemented with a bunch of multiply-accumulates.

However there were still some discrepancies in overall gain between different types (most lined up, but a couple did not). I saw another array of integers indexed by the cabinet type that had negative values, most with -23 but a couple with -12, which I figured must be a decibel gain correction. It was only after accounting for that and seeing the final graph in the post where everything lined up and looked plausible that I was pretty sure I had it right.

So, mostly just general familiarity with digital EQ filters and a bit of luck.
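
The sign convention described in the comment above, as an added example that is not part of the thread or the author's code: it evaluates a cascade of 5-value biquad sections whose denominator coefficients are stored negated, applies a per-table decibel offset, and runs the same section as an all-additions multiply-accumulate loop. The per-section order (b0, b1, b2, a1, a2), the 48 kHz sample rate and the coefficient table are assumptions constructed for illustration.

```python
import cmath
import math

def split_sections(values):
    """Group a flat coefficient list into 5-value biquad sections."""
    if len(values) % 5:
        raise ValueError("expected a multiple of 5 coefficients")
    return [tuple(values[i:i + 5]) for i in range(0, len(values), 5)]

def response_db(sections, freq_hz, fs_hz, gain_db=0.0, stored_negated=True):
    """Magnitude in dB of the cascade at freq_hz, plus a per-table gain offset."""
    z1 = cmath.exp(-2j * math.pi * freq_hz / fs_hz)  # z^-1 on the unit circle
    h = 1 + 0j
    for b0, b1, b2, a1, a2 in sections:
        if stored_negated:  # table holds -a1, -a2; restore the textbook signs
            a1, a2 = -a1, -a2
        h *= (b0 + b1 * z1 + b2 * z1 * z1) / (1 + a1 * z1 + a2 * z1 * z1)
    return 20 * math.log10(abs(h)) + gain_db

def run_mac(section, samples):
    """Run one section as the all-additions difference equation (stored signs)."""
    b0, b1, b2, na1, na2 = section
    x1 = x2 = y1 = y2 = 0.0
    out = []
    for x in samples:
        y = b0 * x + b1 * x1 + b2 * x2 + na1 * y1 + na2 * y2
        x2, x1, y2, y1 = x1, x, y1, y
        out.append(y)
    return out

# Constructed table (not from the device): one one-pole low-pass,
# y[n] = 0.5*x[n] + 0.5*y[n-1], with the feedback term stored as +0.5.
TABLE = [0.5, 0.0, 0.0, 0.5, 0.0]
FS = 48000.0  # assumed sample rate

if __name__ == "__main__":
    secs = split_sections(TABLE)
    # Columns: frequency, dB with negated-storage reading, dB with the naive reading.
    for f in (0.0, 1000.0, FS / 2):
        print(f, round(response_db(secs, f, FS), 2),
              round(response_db(secs, f, FS, stored_negated=False), 2))
    # The step response of the MAC form settles at the DC gain.
    print(round(run_mac(secs[0], [1.0] * 40)[-1], 6))
```

Reading the stored values without the sign flip turns this low-pass into a high-pass, which is the kind of mismatch a plot makes obvious.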

> just blows my mind that companies don’t

i'm pleasantly surprised when products don't come with all the security features :) hopefully it was their intent and not a fluke.

the amount of hoops hobbyist hackers need to jump through in order to play around is really getting out of hand.

Why should they lock their customers out of their own devices?

Gross mischaracterization. Secure boot prevents malicious images. Also, you don’t own your device. Try reading a EULA some day. If people would stop buying gadgets in protest you would have better collective bargaining to own your device. But people are lazy and can’t go 15 seconds without a dopamine hit so we will never own our devices.